What To Do After a Data Breach
If your data was exposed in a breach, act to limit identity theft, secure your accounts, and monitor for misuse.
Last reviewed: 1 June 2026
First 10 minutes
- Confirm which services and accounts were affected
- Change the password for the breached service immediately
- If you reused that password elsewhere, change those accounts too
- Enable two-factor authentication on the affected account
- Check whether your email or financial accounts use the same credentials
First 24 hours
- Set up a fraud alert or credit freeze with credit reference agencies
- Enable breach-monitoring alerts if not already active (e.g. via your password manager or haveibeenpwned.com)
- Review the breach notification to understand exactly what data was exposed
- Check financial statements for any suspicious activity
- Report identity theft if you find evidence of misuse
Contact your bank or payment provider
- If payment card details were exposed, ask your bank for a replacement card
- Set up transaction alerts if not already enabled
- Monitor statements closely for the next several months
Evidence to preserve
- Save the breach notification email or official announcement
- Note the date of the breach and what categories of data were exposed
- Record any suspicious activity you observe after the breach
- Keep copies of any fraud alerts or credit monitoring sign-ups
Secure your accounts and devices
- Use a password manager to create unique, strong passwords for every account
- Enable two-factor authentication — preferably app-based — everywhere
- Review and revoke connected third-party app access to affected accounts
- Check for email forwarding rules or new devices logged into your accounts
- Consider a full password audit across all important services
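The reuse check and password audit described in these steps can be run locally over a password manager's CSV export. The following is an added example, not part of the original page; the column names (name, username, password) and the sample rows are constructed assumptions, and real exports differ by product.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export. Column names are an assumption; adjust to your manager.
SAMPLE_EXPORT = """name,username,password
breached-shop.example,alex@example.com,Tr0ub4dor&3
webmail.example,alex@example.com,Tr0ub4dor&3
bank.example,alex,correct-horse-battery
forum.example,alex_k,Tr0ub4dor&3
streaming.example,alex@example.com,Summer2024!
news.example,alex@example.com,Summer2024!
photos.example,alex@example.com,
"""

def _index(export_csv):
    """Map a digest of each password to the accounts that use it."""
    by_password = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_csv)):
        password = row.get("password") or ""
        if not password:
            continue  # entry without a stored password (e.g. SSO login)
        # Group by digest, held in memory only, so plaintext never reaches output.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_password[digest].add(row["name"])
    return by_password

def accounts_to_rotate(export_csv, breached_service):
    """Other accounts sharing a password with the breached service: change these first."""
    hits = set()
    for names in _index(export_csv).values():
        if breached_service in names:
            hits |= names - {breached_service}
    return sorted(hits)

def reuse_groups(export_csv):
    """Every set of accounts sharing one password: the wider audit."""
    return sorted(sorted(n) for n in _index(export_csv).values() if len(n) > 1)

if __name__ == "__main__":
    print("Change now:", accounts_to_rotate(SAMPLE_EXPORT, "breached-shop.example"))
    for group in reuse_groups(SAMPLE_EXPORT):
        print("Shared password:", ", ".join(group))
```

The export file holds every password in plaintext, so delete it securely once the audit is done.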
Report it
- Report identity theft to your national fraud or identity service if misuse occurs
- Report the breach to your national data protection authority if the company has not notified you properly
- Keep all reference numbers
Data breaches expose personal information that can be used in phishing, account takeover, and identity theft — sometimes immediately, sometimes months later. The response is mostly about containment: changing credentials, limiting the blast radius of reused passwords, and monitoring for signs of misuse.
Prioritise your email account (it can unlock everything else) and any financial accounts. A credit freeze prevents new credit being opened in your name without your knowledge — it is free in many countries and can be lifted when needed.
The breach itself may not be your fault, but the follow-up steps are your best protection. Check haveibeenpwned.com to see which of your email addresses have appeared in known breaches.
Frequently asked questions
How do I know if my data was in a breach?
Check haveibeenpwned.com, watch for official notifications from the affected company, and set up alerts in your email provider or password manager.
What is a credit freeze and should I get one?
A credit freeze prevents new lines of credit being opened in your name. It is free in many countries, does not affect your existing accounts, and is a sensible precaution if sensitive data was exposed.
My password was in the breach — is changing it enough?
Changing it on the breached site alone is not enough. Change it everywhere you used it (unique passwords per account are the long-term fix), and enable 2FA. If the breached site stored passwords insecurely, your old password may already be in use by someone else.
How long should I monitor after a breach?
At least six to twelve months. Breached data is often sold and misused well after the initial incident. Ongoing credit monitoring and breach alerts help catch late-emerging issues.